CLAIMS 

What is claimed is: 



1 1 . A method of determining network penetration, the method comprising the computer- 

2 implemented steps of: 

3 representing a possible travel of a packet in a network based on topology data and on 

4 security policy data; and, 

5 providing an output that specifies a possible penetration of the packet into the 

6 network, based on the step of representing. 

12. A method as recited in Claim 1 , wherein the security policy data comprises one or 
2 more access control lists of one or more network devices in the network. 

13. A method as recited in Claim 1, further comprising the step of receiving packet 
2 parameters. 

14. A method as recited in Claim 3, wherein the packet parameters comprise an entry 
2 point where the packet enters the network. 

1 5. A method as recited in Claim 3, wherein the packet parameters comprise a destination 

2 address. 

16. A method as recited in Claim 1, wherein the topology data is received as input related 
2 to a user interface. 

17. A method as recited in Claim 1, wherein the security policy data is based on access 
2 control lists associated with input received in a user interface. 
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1 8. A method as recited in Claim 1, further comprising determining a maximum 

2 penetration point. 

19. A method as recited in Claim 1 5 wherein the step of representing comprises accessing 

2 the security policy data and the topology data related to a network device for which it has 

3 been determined that the packet could reach. 

1 10. A method as recited in Claim 1 , wherein the step of representing comprises 

2 determining whether ingress is allowed to a network device for which it has been determined 

3 that the inbound interface could be reached by the packet. 

1 1 1 . A method as recited in Claim 1 , wherein the step of representing comprises determining 

2 whether there are any neighboring network devices to a network device for which it has been 

3 determined that the packet could reach. 

1 12. A method as recited in Claim 1, wherein the step of representing comprises 

2 determining whether there are any outbound interfaces that have not yet been checked for 

3 whether there is another network device connected thereto. 

1 13. A method as recited in Claim 12, wherein the step of representing comprises 

2 recursively applying the step of determining whether there are any outbound interfaces. 

1 14. A method as recited in Claim 1, wherein the step of representing comprises: 

2 checking an inbound access control list (ACL) of an interface of a network device 

3 comprising a simulated network entry point for the packet; 

4 if the inbound access control list permits ingress of the packet, checking one or more 

5 outbound ACLs for each outbound interface of the network device to determine one 

6 or more possible outbound interfaces on which egress of the packet is permitted; 
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7 for each of the one or more possible outbound interfaces on which the egress of the packet is 

8 permitted, repeating the checking steps with respect to each neighbor network device 

9 that is connected to each of the one or more possible outbound interfaces. 

1 15. A method as recited in claim 1 further comprising receiving packet parameters 

2 specifying information corresponding to a plurality of packets. 

1 16. A method as recited in claim 1 wherein the step of representing comprises: 

2 at a network device that for which it is determined that the packet could reach, determining if 

3 a static routing table is present; and 

4 if the static routing table is present, then 

5 accessing the static routing table, and 

6 determining an outbound interface through which egress is permitted based on the 

7 static routing table. 

1 17. The method of claim 16, further comprising not permitting egress through an 

2 outbound interface permitted by the static routing table, but not permitted by an access 

3 control list associated with the security policy. 

1 18. A method as recited in claim 1 wherein the step of representing comprises: 

2 at a network device for which it is determined that the packet could reach, determining if a 

3 static routing table is present; and 

4 if the static routing table is not present, then for each outbound interface, representing an 

5 egress by the packet as part of the representing of the travel of the packet. 

1 19. A method as recited in claim 1, further comprises receiving packet parameters that 

2 support transmission control protocol flags. 

1 20. A method as recited in claim 1 , wherein the results comprise a graphical display of at 

2 least allowed paths of the packet. 

-29- 

50325-0817 (Seq. No. 7953) 



1 21. A method as recited in claim 19, wherein the graphical display also includes at least a 

2 mapping of network devices and connections between the network devices. 

1 22. A method of determining potential penetration of a packet into a network, the method 

2 comprising the computer-implemented steps of: 

3 receiving network topology data; 

4 receiving first information defining a packet flow comprising a source address; 

5 receiving second information defining a first network device, comprising a network address 

6 and an ingress interface identifier for an ingress interface; 

7 determining whether the ingress interface of the first network device allows the packet flow 

8 to enter the first network device, based on a first access control list associated with 

9 the ingress interface; 

10 determining one or more egress interfaces of the first network device that allow egress of the 

1 1 packet flow, based on one or more second access control lists associated with the one 

1 2 or more egress interfaces; 

1 3 based on the network topology data, determining one or more second network devices that 

14 are coupled to the one or more egress interfaces; and 

15 recursively performing the determining steps for each of the one or more second network 

16 devices. 

1 23. A method as recited in Claim 22, further comprising the steps of determining if a 

2 static routing table is present, and wherein the step of determining the one or more 

3 egress interfaces is performed based on the static routing table. 

1 24. The method of claim 23, further comprising not permitting egress through an 

2 outbound interface permitted by the static routing table, but not permitted by the one or more 

3 access control lists. 
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1 25. A method of determining network penetration, the method comprising the computer- 

2 implemented steps of: 

3 representing a travel of a packet in a network based on topology data and on security policy 

4 data including at least 

5 defining a packet by at least specifying a source address, an entry port, and a 

6 destination port; 

7 starting a loop for a current network device; 

8 accessing access control list (ACL) data stored in an ACL database and the 

9 topology data stored in a topology database; 

1 0 deciding whether an ingress interface of a current network device allows entry 

1 1 into the current network device, 

12 if the entry is not permitted, then terminating the loop for the 

1 3 current network device, 

1 4 if the entry is permitted continuing the loop; 

15 determining if a static routing table is present, 

16 if the static routing table is present then determining to which interface 

17 outbound traffic is permitted to exit, and 

1 8 if the static routing table is not present, then allowing outbound traffic 

19 to exit through all outbound interfaces; 

20 determining if there are any neighboring network devices, 

2 1 if there are not any neighboring network devices, then an indication of 

22 the current network device is returned as a maximum 

23 penetration point as at least part of results of the step of 

24 representing, and the loop is terminated; 

25 if there is a neighboring network device, then the loop continues 

26 determining whether or not there are any remaining outbound interfaces for 

27 which results of a possible egress of the packet have not been 

28 determined, 

29 if there are no more remaining outbound interfaces, then the 

30 loop is terminated, 
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if there are more remaining interfaces, then 

the current network device is set to the neighboring 
network device to corresponding one of the 
remaining outbound interfaces, and 
if the loop has not been terminated for the current network device, restarting 
the loop for the current network device. 
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1 26. A system for determining penetration into a network, the system comprising: 

2 one or more processors; 

3 a topology database storing topology information about the database; 

4 an Access Control List (ACL) database storing ACL information related to the network; 

5 a computer-readable medium carrying one or more sequences of instructions for displaying a 

6 penetration Graphical User Interface (GUI) including at least 

7 input fields having at least 

8 a topology information input field, 

9 an ACL input field, 

10 a source address input field for entering at least a source address of a 

1 1 packet, 

12 an entry point entry field for entering at least a one entry point to the 

1 3 network for the packet, and 

14 a destination input field for entering at least a destination address for the 

1 5 packet, and 

16 output penetration information including at least a graphical output including 

17 at least a representation of 

1 8 network devices of the network, 

19 connections between the network device corresponding to the topology 

20 data, 

21 at least one entry point to the network, 

22 paths the packet is allowed to follow based on the topology data and 
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the ACL data, 
at least one maximum penetration point; and 
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25 a penetration module that 

26 accesses the topology database, 

27 accesses the ACL database, 

28 receives input corresponding to the input fields, and 

29 produces the output penetration information for display in the penetration GUI. 

1 27. A system for determining network penetration, the system comprising: 

2 one or more processors, and a computer-readable medium carrying one or more sequences of 

3 instructions for causing the one or more processors to carry out a method comprising the step 

4 of: 

5 representing a possible travel of a packet in a network based on topology data and on 

6 security policy data; and, 

7 providing an output that specifies a possible penetration of the packet into the 

8 network, based on the step of representing. 

1 28. A system as recited in Claim 26, wherein the security policy data comprises one or 

2 more access control lists stored on one or more network devices in the network. 

1 29. A system as recited in Claim 26, the method further comprises the step of receiving 

2 packet parameters. 

1 30. A system as recited in Claim 29, wherein the packet parameters comprise an entry 

2 point where the packet enters the network. 

1 31. A system as recited in Claim 29, wherein the packet parameters comprise a 

2 destination address 

1 32. A system as recited in Claim 27, wherein the topology data is based on input related 

2 to a user interface. 
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1 33. A system as recited in Claim 27, wherein the security policy data is based on access 

2 control lists associated with input related to a user interface. 

1 34. A system as recited in Claim 27, wherein the method further comprises determining a 

2 maximum penetration point. 

1 35. A system as recited in Claim 27, wherein the step of representing comprises accessing 

2 the security policy data and the topology data related to a network device for which it has 

3 been determined that the packet could be reach. 

1 36. A system as recited in Claim 27, wherein the step of representing comprises 

2 determining whether ingress is allowed to a network device whose inbound interface for 

3 which it has been determined that the packet could be reach. 

1 37. A system as recited in Claim 27, wherein the step of representing comprises determining 

2 whether there are any neighboring network devices to a network device for which it has been 

3 determined that the packet could reach. 

1 38. A system as recited in Claim 27, wherein the step of representing comprises 

2 determining whether there are any outbound interfaces that have not yet been checked for 

3 whether there is another network device connected thereto. 

1 39. A system as recited in Claim 38, wherein the step of representing comprises 

2 recursively applying the step of determining whether there are any outbound interfaces. 

1 40. A system as recited in Claim 27, wherein the representing of the travel of the packet 

2 comprises: 

3 checking an inbound access control list (ACL) of an interface of a network device 

4 comprising a simulated network entry point for the packet; 
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5 if the inbound access control list permits ingress of the packet, checking one or more 

6 outbound ACLs for each outbound interface of the network device to determine one 

7 or more possible outbound interfaces on which egress of the packet is permitted; 

8 for each of the one or more possible outbound interfaces on which the egress of the packet is 

9 permitted, repeating the checking steps with respect to each neighbor network device 
1 0 that is connected to each the one or more possible outbound interface. 

1 41. A system as recited in claim 27 wherein the packet parameters specify information 

2 corresponding to a plurality of packets. 

1 42. A system as recited in claim 27 wherein the step of representing comprises: 

2 at a network device being represented as having been reached by the packet, determining if a 

3 static routing table is present; and 

4 if the static routing table is present, then 

5 accessing the static routing table, and 

6 determining an outbound interface through which egress is permitted based on the 

7 static routing table. 

1 43. The system of claim 42, the method further comprising not permitting egress through an 

2 outbound interface permitted by the static routing table, but not permitted by an access 

3 control list associated with the security policy. 

1 44. A system as recited in claim 27, wherein the step of representing comprises: 

2 at a network device for which it is determined that the packet could reach, determining if a 

3 static routing table is present; and 

4 if the static routing table is not present, then for each outbound interface, representing an 

5 egress by the packet as part of the representing of the travel of the packet. 
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1 45. A system as recited in claim 27, further comprises receiving packet parameters that 

2 support transmission control protocol flags. 

3 46. A system as recited in claim 27, wherein the results comprise a graphical display of at 

4 least allowed paths of the packet. 

5 47. A system as recited in claim 27, wherein the graphical display also includes at least a 

6 mapping of network devices and connections between the network devices. 

1 48. A system as recited in Claim 27, wherein the step of representing comprises: 

2 defining a packet flow by at least specifying a source address, a source port, and a destination 

3 port; 

4 starting a loop for a current network device; 

5 accessing the ACL data stored in an ACL database and the topology data stored in a topology 

6 database; 

7 deciding whether an ingress interface of a current network device allows entry into the 

8 current network device, 

9 if the entry is not permitted, then terminating a loop for the current network 

10 device, 

1 1 if the entry is permitted continuing the loop; 

12 determining if a static routing table is present, 

13 if the static routing table is present then determining to which interface outbound 

14 traffic is permitted to exit, and 

15 if the static routing table is not present, then allowing outbound traffic to exit through 

16 all outbound interfaces; 

17 determining if there are any neighboring network devices, 

18 if there are not any neighboring network devices, then 

19 an indication of the current network device is returned, as results of the step of 

20 representing, as a maximum penetration point, and 

21 the loop is terminated, and 

22 if there is a neighboring network device, then the loop continues; 
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23 determining whether or not there are any remaining outbound interfaces that the packet has 

24 not reached, 

25 if there are no more remaining outbound interfaces, then the loop is 

26 terminated, and 

27 if there are more remaining interfaces, then 

28 the current network device is set to the neighboring network device 

29 corresponding one of the remaining outbound interfaces; and 

30 if the loop has not been terminated for the current network device, restarting the loop 

3 1 for the current network device. 

1 49. A computer-readable medium carrying one or more sequences of instructions for 

2 determining network penetration, wherein execution of the one or more sequences of 

3 instructions by one or more processors causes the one or more processors to perform the step 

4 of: 

5 representing a possible travel of a packet in a network based on topology data and on 

6 security policy data; and, 

7 providing an output that specifies a possible penetration of the packet into the 

8 network, based on the step of representing. 

1 50. A computer readable medium as recited in Claim 49, wherein the security policy data 

2 comprises one or more access control lists of one or more network devices in the network. 

1 51. A computer readable medium as recited in Claim 49, wherein the instructions further 

2 comprise the step of receiving packet parameters. 

1 52. A computer readable medium as recited in Claim 5 1 , wherein the packet parameters 

2 comprise an entry point where the packet enters the network. 

1 53. A computer readable medium as recited in Claim 51, wherein the packet parameters 

2 comprise a destination address. 
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1 54. A computer readable medium as recited in Claim 5 1 , wherein the instructions further 

2 comprise the step of reading topology information from a topology database. 

1 55. A computer readable medium as recited in Claim 49, wherein the topology data is 

2 based on input related to a user interface. 

1 56. A computer readable medium as recited in Claim 49, wherein the security policy data 

2 is based on access control lists associated with input related to a user interface. 

1 57. A computer readable medium as recited in Claim 49, wherein the instructions further 

2 comprise the step of determining a maximum penetration point. 

1 58. A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises accessing the security policy data and the topology data related to a network 

3 device for which it has been determined that the packet could reach. 

1 59. A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises determining whether ingress is allowed to a network device whose inbound 

3 interface for which it has been determined that the packet could be reach. 

1 60. A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises determining whether there are any neighboring network devices to a network 

3 device for which it has been determined that the packet could be reach. 

1 61 . A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises determining whether there are any outbound interfaces that have not yet been 

3 checked for whether there is another network device connected thereto. 
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1 62. A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises recursively applying the step of determining whether there are any outbound 

3 interfaces. 

1 63. A computer readable medium as recited in Claim 49, wherein the representing 

2 comprises: 

3 checking an inbound access control list (ACL) of an interface of a network device 

4 comprising a simulated network entry point for the packet; 

5 if the ingress is permitted, checking the outbound ACLs for each outbound interface of the 

6 network device at which the packet has arrived to determine possible outbound 

7 interfaces on which egress of the packet is permitted; 

8 for each of the possible outbound interfaces on which the egress of the packet is permitted, 

9 move the packet to a connected network device that corresponds to the network 

10 interface and repeat the step of checking an inbound egress and the step of if the 

1 1 ingress is permitted checking the outbound ACLs. 

1 64. A computer readable medium as recited in Claim 49, wherein the instructions further 

2 comprise the step of packet parameters specifying information corresponding to a plurality of 

3 packets. 

1 65. A computer readable medium as recited in Claim 49, wherein the step of representing 

2 comprises: 

3 at a network device reached, determining if a static routing table is present; and 

4 if the static routing table is present, then 

5 accessing the static routing table, and 

6 determining an outbound interface through which egress is permitted based on the 

7 static routing table. 
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1 66. The computer readable medium of claim 65, the method further comprising not 

2 permitting egress through an outbound interface permitted by the static routing table, but not 

3 permitted by an access control list associated with the security policy. 

1 67. A computer readable medium as recited in Claim 51, wherein the step representing 

2 comprises: 

3 at a network device reached, determining if a static routing table is present; and 

4 if the static routing table is not present, then for each outbound interface, representing an 

5 egress by the packet as part of the representing of the travel of the packet. 

1 68. A computer readable medium as recited in Claim 51, wherein the instructions further 

2 comprise the step of receiving packet parameters that support transmission control protocol 

3 flags. 

1 69. A computer readable medium as recited in Claim 51, wherein the results comprise a 

2 graphical display of at least allowed paths of the packet. 

1 70. A computer readable medium as recited in Claim 69, wherein the graphical display also 

2 includes at least a mapping of network devices and connections between the network devices. 

1 71. A computer readable medium as recited in Claim 5 1 , wherein the step of representing 

2 comprises: 

3 defining a packet flow by at least specifying a source address, a source port, and a destination 

4 port; 

5 starting a loop for a current network device; 

6 accessing the ACL data stored in an ACL database and the topology data stored in a topology 

7 database; 

8 deciding whether an ingress interface of a current network device allows entry into the 

9 current network device, 
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10 if the entry is not permitted, then terminating a loop for the current network 

1 1 device, 

12 if the entry is permitted continuing the loop; 

13 determining if a static routing table is present, 

14 if the static routing table is present then determining to which interface outbound 

1 5 traffic is permitted to exit, and 

16 if the static routing table is not present, then allowing outbound traffic to exit through 

1 7 all outbound interfaces; 

1 8 determining if there are any neighboring network devices, 

19 if there are not any neighboring network devices, then an indication of the current 

20 network device is returned as results of the step of simulation as a maximum 

21 penetration point, and the loop is terminated, and 

22 if there is a neighboring network device, then the loop continues; 

23 determining whether or not there are any remaining outbound interfaces that the packet has 

24 not reached, 

25 if there are no more remaining outbound interfaces, then the loop is 

26 terminated, and 

27 if there are more remaining interfaces, then 

28 the current network device is set to the neighboring network device 

29 corresponding one of the remaining outbound interfaces; and 

30 if the loop has not been terminated for the current network device, restarting the loop for the 

3 1 current network device; and 

32 the method further comprising the step of: 

33 displaying the results of the simulating by at least displaying 

34 an allowed packet path, if found, and 

35 the maximum penetration point. 

1 72. A system for determining network penetration comprising: 

2 means for representing a possible travel of a packet in a network based on topology data and 

3 on security policy data; and, 
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means for providing an output that specifies a possible penetration of the packet into the 
network, based on the step of representing. 
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